Home > Vulnerability Database > CVE-2022-4515

Mend.io Vulnerability Database

CVE-2022-4515

Date: December 19, 2022

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.

Language: C

Severity Score

7.8

Related Resources (7)

Url: https://sourceforge.net/p/ctags/code/HEAD/tree/tags/ctags-5.8/sort.c#l56

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2022-4515

Url: https://lists.debian.org/debian-lts-announce/2022/12/msg00040.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-4515

Url: https://security-tracker.debian.org/tracker/CVE-2022-4515

Url: https://access.redhat.com/security/cve/CVE-2022-4515

Url: https://www.mend.io/vulnerability-database/CVE-2022-4515

Severity Score

7.8

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-4515

Date: December 19, 2022

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?